HIPAA HITECH and Your Business Associates

As part of the webinar series "HIPAA HITECH Compliance for Smarties," we will be presenting a step-by-step process employing cloud computing and the Compliance Meter to help covered entities (CE) set up a program to manage the HIPAA HITECH compliance of their business associates (BA) cost-effectively and efficiently.

BAs represent a substantial risk to covered entities; in fact, according to the Ponemon Institute, 42% of breaches are caused by business associates. But how does a CE manage hundreds or even thousands of third parties?

The CE sends a letter to each BA informing them of their responsibilities and asking them to complete an online questionnaire concerning their current level of compliance.

A formal HIPAA risk assessment may not be "reasonable and appropriate" for all BAs, but the questionnaire is free and easy. The letter also reminds the BA that they must provide proof of compliance on an ongoing basis.

Through the cloud computing model, Compliance Helper can help the BAs get compliant, stay compliant, and prove compliance with the Compliance Meter for a few dollars per day, which is "reasonable and appropriate".

The BA may be able to offer proof in some other fashion, as long as it is acceptable to the CE.

Included in the letter is an invitation to a webinar on HIPAA HITECH Compliance for a BA. This serves as an educational opportunity and provides proof that the CE has an active program for managing their BA compliance.

For those who sign up for the Prepare/Care program from Compliance Helper, there is a widget called The Compliance Meter, which measures their compliance in four areas: policies approved, procedures approved, forms approved, and tasks completed.

Every action they take to protect PHI is time and date stamped and overseen by a privacy and security expert called a Helper. The BA may give a read-only password to the CE that allows complete drill-down capability.

This is the next best thing to an on-site visit, but it is accomplished remotely, which is much more cost-effective and efficient.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
